It is kind funny (or click-baitish) articles with "one click" seems. From a developer point of view, pretty much anything can be done with just one click.
The point is that it requires just one click (on a link) from the target user to steal their credentials, which is relatively easy to convince people to do, as opposed to a more complicated sequence of steps.